Microsoft Outlook Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 26 January 2010

MiFi security weakness highlights need for code auditing

Posted on 09:44 by Unknown

Fortify says MiFi security weakness highlights need for code auditing

January 2010 (Eskenzi PR): News reports that the GPS-enabled Wireless MiFi unit can be persuaded to reveal its position across the internet – without the user being aware of the information leak (http://bit.ly/8tZcKF) – highlights the fact that manufacturers are cutting corners and failing to code audit products before they ship, says Fortify Software.

"As our colleagues at EvilPacket have discovered, the unit's integral GPS interface can be hacked in such a way that a MiFi user visiting a malicious Web site can have their geographic location and passphrase revealed without their permission," said Richard Kirk, European director with the application vulnerability specialist.

"This is symptomatic of a product that has shipped before the designers have thought through the possible security issues with their product, and failed to test the security of the device’s software at all stages of its development," he added.

According to Kirk, regular security testing of the code as part of a development process ensures software that is being developed is inherently secure.

In other words, he explained, this approach `builds security into' the device - as opposed to attempting to add it after the device has been designed as is what will happen in this situation.

This approach, the Fortify European director went on to say, is not only more cost-effective, but also results in applications that are much more secure because security was considered at every step of the development process.

"This isn't singling out the manufacturer of the affected MiFi unit for specific criticism. The failure to test the security of device software at all stages in their development is a common issue amongst technology products - the days of breadboarding up a device and then manufacturing it without a security test of the software have long gone," he said.

"That approach to technology product development may have applied in the early days of computing - as seen by BBC TV's Micro Men recently (http://bit.ly/5aICn) - but technology has moved on, so IT systems designers now owe it themselves, as well as their customers, to test the security of their software at all stages of product development," he added.

For more on Fortify: http://www.fortify.com

Editor's comment: The device in question here is, unfortunately, the Novatel Wireless's MiFi ‘portable Wi-Fi' hotspot, that we reviewed some time ago.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DDoS-Attacks disable many shopping websites, including Amazon
    Just in time for last minute Christmas shopping major shopping sites disabled by Michael Smith (Veshengro) London, December 26, 2009: An...
  • Open Source Software in Business & Government
    by Michael Smith (Veshengro) Lots of Open Source in use in mainland Europe, including EU member states, very little in the UK and less still...
  • Cyber-Ark Expands RSA Secured Partner Program Certification Status
    Cyber-Ark Privileged Identity Management Suite, Inter-Business Vault and Sensitive Document Vault Now Formally Interoperable with RSA enVisi...
  • Infosecurity Adviser applauds forensics lab training facilities at key UK university
    London, UK. May 2009: Infosecurity Adviser, Infosecurity Europe’s online community for the information security industry, has published a r...
  • Scientific company discusses simultaneously protecting applications and data
    Simultaneously protecting applications and data: The next evolution in security? September 2009 (Eskenzi PR) – In a recent Imperva podcast...
  • TUFIN TECHNOLOGIES WINS the PRESTIGIOUS 2010 Computing Security Award for ‘Best bench tested solution of the Year’
    Network Computing and Computing Security Magazine Editors Select Tufin’s SecureChange Workflow as the Top Product Reviewed in 2010 Londo...
  • Brocade Service Could Help Reduce Billions in Data Centre Operations Costs
    New Energy Efficiency Review provides holistic assessment and remedial strategies to help companies optimise efficiency and reduce costs Ene...
  • Infosecurity Europe 2011 Hall of Fame nominations now open
    London UK, February  2011 – The time is ripe to elevate the greatest movers and shakers in the world of information security as nominations ...
  • Tufin survey reveals the truth about fudging audits, IT cost cutting and buying equipment online
    Ramat Gan, Israel – May 27, 2009 – Tufin Technologies today announced the results of its “Reality Bytes” security survey. The survey parti...
  • ISACA’s EuroCACS Conference Demystifies the Cloud
    Event for IT Professionals Will Take Place 20-23 March, Manchester London, England, (8 th March 2011)— Global business and information ...

Categories

  • ASUS
  • AVG Link Scanner
  • BeCrypt
  • book review
  • Brocade
  • Codenomicon
  • Columbian USB stick loss
  • computer recycling
  • Conficker worm
  • Credant Technologies
  • cyber crime
  • Cyber-Ark
  • Cyber-Ark®
  • Data Center
  • data encryption
  • DeviceLock
  • Digital Pathways
  • diskGenie
  • Eclypt
  • Eee PC
  • Eee PC Seashell 1008HA
  • F5 Networks
  • Facebook
  • Finjan
  • Finjan Inc.
  • Finjan MCRC
  • Firewall Management
  • Fortify
  • Fortify 360
  • Fortify Software
  • Fortify® Software
  • gadgets
  • Google
  • Google Chrome
  • green computing
  • green IT
  • IBM
  • Infosec
  • Infosec Europe 2009
  • Infosecurity Adviser
  • Infosecurity Europe
  • Infosecurity Europe 2009
  • Internet privacy
  • iStorage
  • iStorage diskGenie
  • iStorage Ltd.
  • Juniper Networks
  • Lakeland
  • Lapdesk
  • LLC
  • Logitech
  • malware
  • ManageEngine
  • McAfee International Ltd
  • MI6
  • MI6 data loss
  • Microsoft
  • MiFi™ 2352
  • Mio
  • Mobile Broadband
  • MS Office
  • National Cybersecurity Advisor
  • Navman
  • Navman Spirit
  • Netac
  • Novatel
  • Novatel Wireless Intelligent Mobile Hotspot 2352
  • OneClick IntelliPanel Desktop
  • online social media
  • open source
  • OpenOffice.org
  • Optenet
  • Origin Data Locker
  • Origin Storage
  • PNDs
  • product review
  • Red
  • SaaS
  • Sat Nav
  • saving energy
  • Security
  • Shavlik Technologies
  • SIS
  • spam
  • Stonewood Group
  • Storage Area Networks
  • Storage Expo
  • Storage Expo 2009
  • Sun Microsystems
  • Swine Flu
  • Syphan Technologies
  • Throwing Sheep in the Boardroom
  • Tufin Technologies
  • Twitter
  • U256
  • Unisys Security Index
  • USB drives
  • Vektor
  • VisionRacer
  • VisionRacer VR3
  • VMware
  • Weast
  • Web Apps Security
  • WebFilter PC Solution
  • WebSpy
  • XSS-driven attacks

Blog Archive

  • ►  2012 (1)
    • ►  January (1)
  • ►  2011 (67)
    • ►  December (1)
    • ►  April (1)
    • ►  March (14)
    • ►  February (30)
    • ►  January (21)
  • ▼  2010 (192)
    • ►  December (20)
    • ►  November (22)
    • ►  October (19)
    • ►  September (5)
    • ►  August (8)
    • ►  July (5)
    • ►  June (22)
    • ►  May (13)
    • ►  April (11)
    • ►  March (13)
    • ►  February (27)
    • ▼  January (27)
      • Novatel Wireless Announces Successful HSPA+ Dual-C...
      • Origin says Swiss Army encryption challenge worth ...
      • RockYou hack reveals world's most popular passwords
      • FalconStor® FDS Version 2.0 Delivers Enterprise-Cl...
      • Data hung out to dry as 4,500 USBs are left in Dry...
      • 8,378 reasons for better banking security
      • MiFi security weakness highlights need for code au...
      • CTO Doubts Internet Explorer Vulnerability Was Beh...
      • New Security Score Offers Snapshot of Firewall Ris...
      • 360°IT Event gives thumbs up on IBM/Panasonic clou...
      • Lighting Down the Line
      • German Government advice on web security not optimal
      • Oaklee Housing Association protect sensitive data ...
      • False Advertising by Vodaphone
      • Time for multi-factor security on portable data as...
      • Cyber-Ark Labs launched to combat emerging threats...
      • Where Does the Ownership Lie?
      • Creating uniform security across the police force
      • Modified portable devices create significant secur...
      • Serious SQL flaw could have compromised millions
      • Logitech Speaker Lapdesk N700 Brings the Cinema Home
      • Did Santa bring you a Netbook?
      • Police force computer misuse investigation "no sur...
      • Companies advised to code audit open source applic...
      • Securing Web 2.0 in the workplace
      • Kingston Datatraveler security flaws highlight nee...
      • Credant says MoD laptop theft highlights dangers o...
  • ►  2009 (240)
    • ►  December (25)
    • ►  November (9)
    • ►  October (21)
    • ►  September (19)
    • ►  August (30)
    • ►  July (35)
    • ►  June (30)
    • ►  May (21)
    • ►  April (42)
    • ►  March (8)
Powered by Blogger.

About Me

Unknown
View my complete profile